Werner Koch <wk(_at_)gnupg(_dot_)org> writes:
rfc2440 and rfc4880 both included IDEA as a SHOULD algorithm despite that
IDEA was patent encumbered. Also RSA was patent encumbered when 2440 was
published and nevertheless a SHOULD algorithm.
They were there because there wasn't much choice. PGP 2.0 used IDEA and RSA,
so it had to be kept around for future versions, although it was only a
SHOULD, not a MUST. With OCB in contrast you're introducing a new patent-
encumbered algorithm for no obvious reason.
If you really want the protection that OCB offers then encrypt-then-MAC is a
totally unencumbered way of doing the same thing. It's been in S/MIME for
years.
Peter.
_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp